In ProxySG deployments where streaming media is prohibited, some organizations would still like to permit access to the login, queuing, and other functions of Netflix. 

The policy detailed in the steps below will deny only the streaming of video from netfix.com.

1. Log in to the ProxySG's web-based management console.
2. Go to Configuration > Policy > Visual Policy Manager and click Launch. The Visual Policy Manager (VPM) window opens.
3. Open a Web Access layer, where you intend to place this new rule.
4. Click add rule.
5. Right-click the destination field in this new rule, click Set > New > Request URL
6. Click the Advanced radio button.
7. In the Host field, type: netflix.com
8. To the right of the host field, click the drop-down menu and select Contains.
9. In the Path field, type: wiplayer
10. To the right of the path field, click the drop-down menu and select Contains.
11. Name the new Request URL Object as Netflix No Video (or your preferred name for this object).
12. Click Add, Close, then OK.
13. The default action in this rule is Deny, but you can change this to Deny (Content Filter) or your preferred custom exception (using 'return exception') as desired. 
14. Move this rule above any other rule that would allow access to Netflix.com, either by name, category, (currently rated as Entertainment and TV/Video Streams by Blue Coat Web Filter).
15. Click Install Policy,
     

Here is a sample policy, as defined in CPL for use in Local or Central policy files:

<proxy>
url.host.substring="netflix.com" url.path.substring="wiplayer" deny
url.host.substring="netflix.com" allow